<?php
/*********************************************************************
    index.php

    Client Login 

    Peter Rotich <peter@osticket.com>
    Copyright (c)  2006-2010 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
    $Id: $
**********************************************************************/
require_once('main.inc.php');
if(!defined('INCLUDE_DIR')) die('Fatal Error');
define('CLIENTINC_DIR',INCLUDE_DIR.'client/');
define('OSTCLIENTINC',TRUE); //make includes happy

require_once(INCLUDE_DIR.'class.client.php');
require_once(INCLUDE_DIR.'class.ticket.php');
//We are ready baby
$loginmsg='Authentication Required<br/>';

 //modified staff login form
 
 if($_POST && (!empty($_POST['login']) && !empty($_POST['pass']))){
    //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
    $msg='Invalid login';
    
    if($_SESSION['_client']['laststrike']) {
        if((time()-$_SESSION['_client']['laststrike'])<$cfg->getClientLoginTimeout()) {
            $loginmsg='Excessive failed login attempts';
            $errors['err']='You\'ve reached maximum failed login attempts allowed. Try again later';
        }else{ //Timeout is over.
            //Reset the counter for next round of attempts after the timeout.
            $_SESSION['_client']['laststrike']=null;
            $_SESSION['_client']['strikes']=0;
        }    
    }

    if(!$errors && ($user=new ClientSession($_POST['login'])) && $user->getId() && $user->check_passwd($_POST['pass'])){
        
        //update last login.  
        db_query('UPDATE '.EMAIL_TABLE.' SET updated=NOW() WHERE email='.db_input($_POST['login']));    
        //Figure out where the user is headed - destination!
        //$dest=$_SESSION['_staff']['auth']['dest'];
        //Now set session crap and lets roll baby!
        $_SESSION['_client']=array(); //clear.
        $_SESSION['_client']['userID']=$_POST['login'];
        echo 'login session:'.$_SESSION['_client']['userID'].'<br/>';
        echo session_id().'<br/>';
        $_SESSION['_client']['key']      =$_POST['pass']; //Ticket ID --acts as password when used with email. See above.
        $_SESSION['_client']['token']    =$user->getSessionToken();
        //$user->refreshSession(); //set the hash.
        $_SESSION['TZ_OFFSET']=$cfg->getTZoffset();
        $_SESSION['daylight']=$cfg->observeDaylightSaving();

        Sys::log(LOG_DEBUG,'Client login',sprintf("%s logged in [%s]",$user->getUserName(),$_SERVER['REMOTE_ADDR'])); //Debug.
        //Redirect to the original destination. (make sure it is not redirecting to login page.)
        //$dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
        session_write_close();
        session_regenerate_id();
        header("Location: tickets.php");
        require_once('tickets.php'); //Just incase header is messed up.
        exit;
    }
    //If we get to this point we know the login failed.
    echo 'Login failed';
    $_SESSION['_client']['strikes']+=1;
    if(!$errors && $_SESSION['_client']['strikes']>$cfg->getClientMaxLogins()) {
        $msg='Access Denied';
        $errors['err']='Forgot your login info? Contact IT Dept.';
        $_SESSION['_client']['laststrike']=time();
        $alert='Excessive login attempts by a client member?'."\n".
               'Username: '.$_POST['login']."\n".'IP: '.$_SERVER['REMOTE_ADDR']."\n".'TIME: '.date('M j, Y, g:i a T')."\n\n".
               'Attempts #'.$_SESSION['_client']['strikes']."\n".'Timeout: '.($cfg->getClientLoginTimeout()/60)." minutes \n\n";
        Sys::log(LOG_ALERT,'Excessive login attempts (client)',$alert,($cfg->alertONLoginError()));
    }elseif($_SESSION['_client']['strikes']%2==0){ //Log every other failed login attempt as a warning.
        $alert='Username: '.$_POST['login']."\n".'IP: '.$_SERVER['REMOTE_ADDR'].
               "\n".'TIME: '.date('M j, Y, g:i a T')."\n\n".'Attempts #'.$_SESSION['_client']['strikes'];
        Sys::log(LOG_WARNING,'Failed login attempt (client)',$alert);
    }
}

require(CLIENTINC_DIR.'header.inc.php');
require(CLIENTINC_DIR.'login.inc.php');
require(CLIENTINC_DIR.'footer.inc.php');
?>
